
4 Things to Know About GDPR and Why It Matters to HR
In May 2018, the EU will implement its new data privacy regulation, called the General Data Protection Regulation, or GDPR. This new regulation will have major implications for any company with employees residing in the European Economic Area, regardless of the employees' citizenship. The GDPR enhances data protection for employees and carries substantial penalties for non-compliance. The May 2018 compliance deadline is on the horizon, and it's important for companies to understand the GDPR's impact on their HR departments' practices.
The requirements under GDPR are expansive and compliance will call for a concentration of time, effort, and resources from HR departments at affected companies. We’ve outlined the top 4 most important things to know about the GDPR and how it could affect your company.
1. All companies with EU-based employees will be affected.
Even if the company is not established in Europe, any company with employees residing in the European Economic Area must comply with the GDPR. Additionally, third-party vendors that process employee personal data (i.e., processors) pursuant to a contract with these companies (controllers) must also comply.
2. The GDPR guides a wide range of data privacy processes.
These extensive requirements will bring about organizational and procedural changes within the impacted companies. The GDPR rules cover data processes that span from international transfers of employee data and security measures to employee rights concerning their data and how data is controlled and processed.
3. The GDPR establishes a large number of new rules.
Because the GDPR introduces a considerable amount of new information and regulations, HR departments will need time and resources to account for each new compliance area. Some of the biggest changes include expanded security breach measures and definitions of personal data, extended employee rights, and potential personnel changes, such as the appointment of a Data Protection Officer.
4. Non-compliance is costly.
Once the GDPR goes into effect on May 25, 2018, companies that are non-compliant will face massive penalties. Fines can be as high as 20,000,000 EUR, or up to 4% of a company's annual global revenue. In addition, employees will be able to take legal action against, and claim damages from, both employers and their third-party vendors.
To meet the GDPR requirements, we recommend starting the compliance process as soon as possible. Learn more about GDPR and how you can be prepared for the 2018 deadline!
About Arnaud Gouachon
Arnaud leads PeopleDoc's global legal and compliance organization, bringing over 10 years of legal experience. Prior to joining PeopleDoc, Arnaud was Vice President and General Counsel for Transdev On Demand, Inc., a subsidiary of Veolia Environnement group, where his focus was on US commercial contracts, corporate law, compliance and employment law. He has two master's degrees in law from Northwestern University in the US and Paris XII University in France, as well as a Certificate of Business Administration from Instituto de Empresa in Madrid, Spain. He is a member of the New York Bar.